The selected configuration
must reflect the organization's needs and strategy already defined. In our case,
it was defined with the "tracking and documenting all database schema modifications"
initial request.

The default audit SCOPE, as shown, was activated for all categories except CONTEXT. This configuration produces a huge audit log, expending machine power and should be activated only when it is really needed. Nevertheless, to make additional loads to yours UNIX machine, you could try full auditing using the "scope all status both" option.

d.) Flush any Pending
audit records from the instance and write them to the audit log.

$ db2audit flush
AUD0000I Operation succeeded.

Listing 14: Flushing DB2 audit buffer

This step is necessary
to force writing of all records from the audit buffer, AUD_BUF_SZ, to the disk.

$ db2audit stop
AUD0000I Operation succeeded.
$ db2audit stop
AUD0027I A request to stop the DB2 audit facility has been processed. Note that audit may
have already been stopped on the instance.
AUD0000I Operation succeeded.

Listing 17: Stopping DB2 instance auditing

The db2audit
system is a very finely developed system command with integrated software controls.
One of
them is displayed, where repeatedly executed stop commands generate status messages
about the audit condition.

Conclusion

DB2 is a
complex relational database system. An average DB2 DBA typically has to spend a
fair amount of time reading and researching before configuring an effective
company auditing policy. Until now, a comprehensive DB2 audit guideline was not
available to the public. The default settings are too offensive for regular
usage and most of the systems need only audit objectives that cover critical
and important areas of DB2 security, connectivity, backup and recovery. In the
future, I hope that IBM will produce at least one "DB2 audit guideline"
to help companies with no high skilled technical staff to implement an appropriate
level of security measures.